Pen tests and baby pictures

I had a conversation a few days ago that highlighted an interesting similarity between offensive security and, oddly enough, baby pictures. The conversation was with a photographer who worked extensively with families (family portraits, baby pictures, etc.). The photographer mentioned that they offer a package for parents to get pictures of their babies at newborn, […]

Cyber Attack on the City of Atlanta – A stark reminder of the need for and importance of ethical hacking

Thursday morning (22 March, 2018), the City of Atlanta’s computer systems fell victim to what’s being called a ‘cyber attack’. According to the information that we’ve seen thus far, the attack is apparently a ransomware attack demanding payment in exchange for the decryption keys to unlock the affected data. According to news articles, local, state […]

New malware currently targeting restaurants. What you need to know before it targets your industry.

According to this article from Threatpost, a new malware nicknamed FIN7 is using a new technique to spread and avoid detection. The malware is reportedly associated with the Carbanak group and is targeting the restaurant industry.  Considering it’s effectiveness though, it’s safe to assume that either this attacker will move to other industry verticals or […]

Social Engineering, what is it and why is it important?

What is Social Engineering? Once again, the Social Engineering Capture The Flag (SECTF) competition at DEF CON was a huge success.  Social Engineering (SE) is is basically hacking the human element in an organization, tricking the victim into giving the attacker sensitive information about the target.  Attacking the human allows an attacker to bypass the […]

Pastejack – Attacking from the clipboard

Our goal as penetration testers is to learn how malicious hackers operate to compromise the confidentiality, integrity and / or availability of their victims in the real-world and integrate those attacks into our engagements.  This gives our clients the most realistic experience possible so that they’re able to quickly identify an attack when it happens […]